Releases: NVIDIA/OpenShell
Releases · NVIDIA/OpenShell
OpenShell v0.0.26
OpenShell v0.0.26
Quick install
curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=v0.0.26 shWhat's Changed
- docs(fern): migrate OpenShell docs to Fern by @lbliii in #780
- refactor(server): split grpc.rs into submodules by @drew in #777
- ci(gpu): add separate GPU test workflows by @pimlock in #773
- feat(vm): add openshell-vm crate with libkrun microVM gateway by @drew in #611
- docs(fern): finalize preview workflow and nav cleanup by @pimlock in #784
New Contributors
Full Changelog: v0.0.25...v0.0.26
Contributors
drew, pimlock, and lbliii
Assets 9
OpenShell VM Development Build
Rolling development build of openshell-vm — the MicroVM runtime for OpenShell.
NOTE: This is a development build, not a tagged release, and may be unstable.
Kernel Runtime Artifacts
Pre-built kernel runtime (libkrunfw + libkrun + gvproxy) for embedding into
the openshell-vm binary. These are rebuilt when the kernel config or pinned
dependency versions change.
| Platform | Artifact |
|---|---|
| Linux ARM64 | vm-runtime-linux-aarch64.tar.zst |
| Linux x86_64 | vm-runtime-linux-x86_64.tar.zst |
| macOS ARM64 | vm-runtime-darwin-aarch64.tar.zst |
VM Binaries
Self-extracting openshell-vm binaries with embedded kernel runtime and base
rootfs. These are rebuilt on every push to main.
| Platform | Artifact |
|---|---|
| Linux ARM64 | openshell-vm-aarch64-unknown-linux-gnu.tar.gz |
| Linux x86_64 | openshell-vm-x86_64-unknown-linux-gnu.tar.gz |
| macOS ARM64 | openshell-vm-aarch64-apple-darwin.tar.gz |
Quick install
curl -fsSL https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install-vm.sh | sh
Auto-detects your platform, verifies checksums, and codesigns on macOS.
OpenShell Development Build
This build is automatically published on every commit to main that passes CI.
NOTE: This is a development build, not a tagged release, and may be unstable.
Quick install
curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=dev sh
OpenShell v0.0.25
OpenShell v0.0.25
Quick install
curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=v0.0.25 shWhat's Changed
- feat(sandbox): integrate OCSF structured logging for sandbox events by @johntmyers in #720
Full Changelog: v0.0.24...v0.0.25
Contributors
johntmyers
Assets 9
OpenShell v0.0.24
OpenShell v0.0.24
Quick install
curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=v0.0.24 shWhat's Changed
Full Changelog: v0.0.23...v0.0.24
Contributors
drew
Assets 9
OpenShell v0.0.23
OpenShell v0.0.23
Quick install
curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=v0.0.23 shWhat's Changed
Full Changelog: v0.0.22...v0.0.23
Contributors
drew
Assets 9
OpenShell v0.0.22
OpenShell v0.0.22
Quick install
curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=v0.0.22 shWhat's Changed
- fix(cli): sandbox upload overwrites files instead of creating directories by @drew in #694
- feat(bootstrap): resume gateway from existing state and persist SSH handshake secret by @drew in #488
- fix(security): bump container dependencies to remediate 10 CVEs by @johntmyers in #736
- fix(security): update OSS dependencies to remediate 3 high-severity CVEs by @johntmyers in #737
- fix(sandbox): harden seccomp filter to block dangerous syscalls by @johntmyers in #740
- test(e2e): replace flaky Python live policy update tests with Rust by @johntmyers in #742
- fix: remediate 9 security findings from external audit (OS-15 through OS-23) by @johntmyers in #744
- fix(bootstrap,server): persist sandbox state across gateway stop/start cycles by @drew in #739
Full Changelog: v0.0.21...v0.0.22
Contributors
drew and johntmyers
Assets 9
OpenShell v0.0.21
OpenShell v0.0.21
Quick install
curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=v0.0.21 shWhat's Changed
- fix(install): make checksum verification mandatory and validate redirect origin by @drew in #724
- docs: add legal disclaimer and alpha banner by @miyoungc in #726
- docs: add security best practices by @miyoungc in #714
- fix(cli): add missing Copilot variant to CliProviderType enum by @johntmyers in #713
- fix(sandbox/bootstrap): GPU Landlock baseline paths and CDI spec missing diagnosis by @pimlock in #710
- fix(sandbox): relay WebSocket frames after HTTP 101 Switching Protocols by @johntmyers in #718
Full Changelog: v0.0.20...v0.0.21
Contributors
drew, pimlock, and 2 other contributors
Assets 9
OpenShell v0.0.20
OpenShell v0.0.20
Quick install
curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=v0.0.20 shWhat's Changed
- feat(bootstrap,cli): switch GPU injection to CDI where supported by @elezar in #495
- feat(sandbox): switch device plugin to CDI injection mode by @elezar in #503
- fix(docker): restore apt cleanup chaining in cluster image by @pimlock in #702
- fix(cluster): pass resolv-conf as kubelet arg and pin k3s image digest by @drew in #701
- fix(server): return already_exists for duplicate sandbox names by @drew in #695
- fix(bootstrap): stream image push through temp file to prevent OOM by @drew in #700
- docs(agents): add security analysis protocol to principal-engineer-reviewer by @johntmyers in #711
- feat(sandbox): extend L7 credential injection to query params, Basic auth, and URL paths by @johntmyers in #708
- fix(sandbox): eliminate Box::leak memory leak in rewrite_forward_request by @johntmyers in #715
- chore(mise): use install_only_stripped precompiled Python flavor by @drew in #693
- fix(bootstrap): handle tar paths exceeding 100 bytes by @johntmyers in #721
Full Changelog: v0.0.19...v0.0.20
Contributors
drew, elezar, and 2 other contributors
Assets 9
OpenShell v0.0.19
OpenShell v0.0.19
Quick install
curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=v0.0.19 shWhat's Changed
- fix(proxy): add L7 inspection to forward proxy path by @latenighthackathon in #666
- fix(ci): skip docs preview deploy for fork PRs by @johntmyers in #679
- docs(rfc): add RFC process with draft/review/accepted lifecycle by @drew in #678
- fix(e2e): add uv-managed python binary glob to forward proxy L7 test by @johntmyers in #686
- fix(l7): reject requests with both CL and TE headers in inference parser (CWE-444) by @latenighthackathon in #671
- fix(sandbox): handle per-path Landlock errors instead of abandoning entire ruleset by @johntmyers in #677
- Missed input parameter to init OpenClaw container by @vcorrea-ppc in #645
- feat(sandbox): add L7 query parameter matchers by @johntmyers in #617
- perf(sandbox): streaming SHA256 and spawn_blocking for identity resolution by @koiker in #555
- feat(inference): allow setting custom inference timeout by @pentschev in #672
- fix(sandbox): track PTY state per SSH channel to fix terminal resize by @johntmyers in #687
New Contributors
- @vcorrea-ppc made their first contribution in #645
- @koiker made their first contribution in #555
- @pentschev made their first contribution in #672
Full Changelog: v0.0.18...v0.0.19
Contributors
drew, pentschev, and 4 other contributors